-
-
[原创]再发个crackme08040101-大家帮忙试下
-
发表于: 2008-4-3 23:31
-
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
:(又没有坚持1天。
看来还得加大强度。 
|
|
|
|
|
|
|
|
|
 被ccfer一语道破。就是bool代数做的繁华,从vmprotect那里学来的,抄袭了一点。vmprotect用的是"或非门",我这里用的基本单元是"与或非门",它们都同"与非门"一样,可是实现所有逻辑功能。 里面主要通过"与或非门"实现的是“四位同比较器”和“位同比较器”,本以为强度足够,没想到这么快被搞定,早知应把"半加器","全加器"用上,拖延点时间。 看来组合逻辑不管用,下次得做个时序逻辑的。呵呵。 只把主要函数列出,请ccfer,forgot帮忙指点。 与或非门 Z=!(A*!B+C*!D)
bool chkregcode(unsigned char *pnamevalue,unsigned char *pregcodevalue,unsigned char *pkey)
{
unsigned char namevalue[8];
unsigned char regcodevalue[8];
unsigned char keyvalue[8];
unsigned char tmpa[4];
unsigned char tmpb[4];
unsigned char tmpc[4];
int tmpi;
for(tmpi=0;tmpi<8;tmpi++,pnamevalue++,pregcodevalue++,pkey++)
{
namevalue[tmpi]=*pnamevalue;
regcodevalue[tmpi]=*pregcodevalue;
keyvalue[tmpi]=*pkey;
}
for(tmpi=0;tmpi<4;tmpi++)
{
tmpa[tmpi]=vm_xor(namevalue[tmpi],keyvalue[tmpi]);
tmpb[tmpi]=regcodevalue[tmpi];
}
tmpc[0]=vm_same4(tmpa,tmpb);
for(tmpi=0;tmpi<4;tmpi++)
{
tmpa[tmpi]=vm_xor(namevalue[tmpi+4],keyvalue[tmpi+4]);
tmpb[tmpi]=regcodevalue[tmpi+4];
}
tmpc[1]=vm_same4(tmpa,tmpb);
tmpc[2]=vm_same1(tmpc[0],tmpc[1]);
tmpc[3]=vm_same1(tmpc[1],0xff);
return (tmpc[3]==0xff&&tmpc[2]==0xff);
}
unsigned char vm_nop1(unsigned char a0)
{
unsigned char tmpc1;
unsigned char tmpc2;
tmpc1=a0;
tmpc2=a0^0xff;
tmpc1=tmpc1|tmpc2;
tmpc2=tmpc2^0xff;
tmpc2=tmpc1&tmpc2;
return tmpc2;
}
//深1层vm
//nor
unsigned char vm1_nor(unsigned char a0,unsigned char b0)
{
unsigned char tmpc1;
tmpc1=a0|b0;
tmpc1=tmpc1^0xff;
return tmpc1;
}
unsigned char vm1_not(unsigned char a0)
{
return vm1_nor(a0,a0&vm_nop1(a0));
}
//循环移
int vm_ror_int(int value,int count)
{
count=count%32;
return (value>>count)|(value<<(32-count));
}
unsigned char vm_ror_B(unsigned char value,int count)
{
count=count%8;
return (value>>count)|(value<<(8-count));
}
//与或非
unsigned char vm_nao(unsigned char a0,unsigned char b0,unsigned char c0,unsigned char d0)
{
unsigned char tmpc0,tmpc1,tmpc2,tmpc3;
//garbage start swap c0,a0//b0,d0
tmpc0=c0;
c0=vm_nop1(a0);
a0=vm_nop1(tmpc0);
tmpc0=d0;
d0=vm_nop1(b0);
b0=vm_nop1(tmpc0);
//garbage end
tmpc1=b0^0xff;
tmpc1=a0&tmpc1;
tmpc2=c0&(d0^0xff);
tmpc3=(tmpc1|tmpc2)^0xff;
return tmpc3;
}
//非 not=!(a0*!a0+a0*!a0)
unsigned char vm_not(unsigned char a0)
{
return vm_nao(a0,a0^0xff,a0,a0^0xff);
}
//或
unsigned char vm_or(unsigned char a0,unsigned char b0)
{
return vm_nao(0xa5,0xa5,a0^0xff,b0);
}
//与
unsigned char vm_and(unsigned char a0,unsigned char b0)
{
return vm_nao(0xff,a0,0xff,b0);
}
//与非
unsigned char vm_nand(unsigned char a0,unsigned char b0)
{
return vm_not(vm_and(a0,b0));
}
//或非
unsigned char vm_nor(unsigned char a0,unsigned char b0)
{
return vm_not(vm_or(a0,b0));
}
//异或
unsigned char vm_xor(unsigned char a0,unsigned char b0)
{
return vm_not(vm_nao(a0,b0,vm_not(a0),vm_not(b0)));
}
//同或
unsigned char vm_nxor(unsigned char a0,unsigned char b0)
{
return vm_not(vm_nao(a0,b0^0xff,a0^0xff,b0));
}
//四字节同比较器
unsigned char vm_same4(unsigned char a0[4],unsigned char b0[4])
{
unsigned char tmpc[4];
unsigned char tmpc0,tmpa0,tmpb0;
int tmpi;
for(tmpi=0;tmpi<4;tmpi++)
{
tmpc[tmpi]=vm_xor(a0[tmpi],b0[tmpi]);
}
tmpa0=vm_or(tmpc[0],tmpc[1]);
tmpb0=vm_or(tmpc[2],tmpc[3]);
//garbage start
tmpc0=tmpb0;
tmpb0=vm_not(vm_not(vm_or(tmpa0,tmpa0)));
tmpa0=vm_and(tmpc0,tmpc0);
//garbage end
return vm_nor(tmpa0,tmpb0);
}
//单字节同比较器
unsigned char vm_same1(unsigned char a0,unsigned char b0)
{
unsigned char tmpc;
unsigned char tmpc1;
//garbage start
tmpc=b0;
b0=vm_not(vm_not(vm_or(a0,a0)));
a0=vm_and(tmpc,tmpc);
//garbage end
tmpc1=vm_xor(a0,b0);
return vm_not(tmpc1);
}
|
|
|
|
